Hello all,
I was told to post my problem here. I have three questions. But first, a little context: I am using a custom board based upon the IMX6ULEVK. This board has an SE050A1 chip on it which I want to use with OpenSSL. I also have an IMX6ULEVK with the OM-SE050ARD.
1. First off, on my custom board the SE050 is connected to I2C-0:0x48. Everywhere it's listed that i2c-1 is the standard interface that is used. Now I am able to run the examples like ex_ecc like this: ex_ecc "/dev/i2c-0:0x48". However, I am not sure how to use i2c-0 when using the provider like this:
openssl rand --provider /usr/lib/libsssProvider.so -hex 32. Is there possibly a cmake option I missed? Or is there anything else I can provide in my bitbake recipe to achieve this? (BB file provided: "se050x.bb.txt")
2. When running ex_ecc, (I believe) platformSCP03 is correctly used. But when running openssl I get errors on the sss_session_open. (see logs: )
3. The only commands available on my IMX6UL are:
ex_ecc ex_ecdh ex_eddsa ex_hkdf ex_symmetric
se052_deep_pwr_down se05x_ConcurrentEcc se05x_GetInfo se05x_Minimal se05x_scp03_boot
se052_reset_example se05x_ConcurrentSymm se05x_InvokeGarbageCollection se05x_MultipleDigestCryptoObj
I want to update my keys in the future. I am just not sure what I should use for this. I have seen multiple mentions of the Access Manager and the SSSCLI tools. These are not available to me. I am wondering if I should use these to update the keys? If so, how can I make these tools available on my board?
Thanks for the reply in advance
With kind regards
Hi,
First off, thanks for the reply, setting the boot_sss_port did work! However, the SCP03 still does not. I have provided my debug output (file= ex_ecc_openssl_logs_2.0.txt). So the examples do run with the same keys. However, the openssl provider doesn't.
Regarding the ssscli tool, I'm currently trying to add this to my Yocto image. I will keep you updated.
With kind regards
Hi @eal-fox ,
To use the provider with SCP03, you have to add the following code manually at first.
Please kindly refer to https://github.com/NXPPlugNTrust/se05x-openssl-provider for more details.
Please also be aware that the GitHub version has some new features beyond the current MW and will be merged into the next release, so for now, please use the GitHub version of the provider instead.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @eal-fox ,
Please kindly have my comments as below:
1. Please use EX_SSS_BOOT_SSS_PORT to specify the i2c port used by the provider. For example, use the following command first, before issuing any openssl commands.
export EX_SSS_BOOT_SSS_PORT="/dev/i2c-0:0x48"
2. Similar to the above, use EX_SSS_BOOT_SCP03_PATH to specify the key file path in case you are using the provider. For example, export EX_SSS_BOOT_SCP03_PATH="/home/ubuntu/simw-top/sss/plugin/openssl_provider/scripts/se050F_scp_keys.txt". Please kindly refer to se05x_mw_v04.05.01/simw-top/doc/appendix/platfscp.html for more details regarding the key file format.
3. Those bin files are demos out of the MW. You may build your own application based on them or just create a new one. Alternatively, you may use a command line tool such as the SSSCLI tool to update the keys inside. Please refer to se05x_mw_v04.05.01/simw-top/doc/cli-tool.html for more details regarding the SSSCLI tool usage as well as installation.
Hope that helps,
Have a great day,
Kan
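A pre-flight wrapper for the two environment variables named in the reply above, as an added example that is not part of the original thread or of NXP's middleware. The function names, the owner-only policy for the SCP03 key file and the use of `stat -c` (GNU coreutils or BusyBox) are assumptions of this example; the key file's contents are not checked here.

```shell
#!/bin/sh
# Added example: checks to run before pointing the OpenSSL provider at an SE05x.
# EX_SSS_BOOT_SSS_PORT and EX_SSS_BOOT_SCP03_PATH are the variables from the thread;
# the function names and the permission policy are assumptions of this example.

# Accept only "<i2c device>:<hex address>", e.g. /dev/i2c-0:0x48.
# Catches typos such as a missing address or stray characters.
valid_sss_port() {
    case "$1" in *[!0-9A-Za-z/:-]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^/dev/i2c-[0-9]+:0x[0-9A-Fa-f]{1,2}$'
}

# The SCP03 key file holds the static platform keys in clear text, so require a
# regular file (not a symlink) with no group/other permission bits set.
safe_scp03_keyfile() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Export both variables only if every check passes; non-zero return otherwise.
se05x_provider_env() {
    port=$1
    keyfile=$2
    valid_sss_port "$port" ||
        { echo "bad port string: $port" >&2; return 1; }
    [ -c "${port%%:*}" ] ||
        { echo "no such i2c device: ${port%%:*}" >&2; return 1; }
    safe_scp03_keyfile "$keyfile" ||
        { echo "key file missing or accessible to others: $keyfile" >&2; return 1; }
    export EX_SSS_BOOT_SSS_PORT="$port"
    export EX_SSS_BOOT_SCP03_PATH="$keyfile"
}

# Stand-alone use: ./se05x_env.sh /dev/i2c-0:0x48 /path/to/scp_keys.txt
if [ "$#" -eq 2 ]; then
    se05x_provider_env "$1" "$2" &&
        openssl rand --provider /usr/lib/libsssProvider.so -hex 32
fi
```

The variables are exported only for the process that runs the script and its children, so source the file and call `se05x_provider_env` if later openssl commands in the same shell need them.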